PT-2022-22353 · Jenkins · Jenkins Build Notifications Plugin+1
Long Nguyen
·
Published
2022-06-30
·
Updated
2023-11-22
·
CVE-2022-34801
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Jenkins Build Notifications Plugin versions 1.5.0 and earlier
Description
The issue is related to the transmission of tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.
Recommendations
For Jenkins Build Notifications Plugin versions 1.5.0 and earlier, update to a version that does not transmit tokens in plain text.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Transmission of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jenkins
Jenkins Build Notifications Plugin